Facebook data including username, phone numbers, names and some other data has been exposed to an online database, which could possibly be used for spam and phishing tactics. Most of the user data leaked are from the U.S.
Comparitech along with security researcher Bob Diachenko managed to uncover the leakage at a Elasticsearch cluster. Based on the evidences. It is believed that the leaked data is result of an illegal scraping activity or Facebook API abused by Vietnamese criminals.
A total of 267,140,436 records were compromised. The security expert mentions that all of them seem to be valid. Each consists of:
- Facebook ID
- phone number
- full name
- timestamp
Facebook IDs are unique, public numbers associated with specific accounts, which can be used to discern an account’s username and other profile info. Because of this, Facebook users are advised to set their privacy settings to “Friends” and set the “Do you want search engines outside of Facebook to link to your profile?” setting to “No.” Diachenko also said to be wary of suspicious, unsolicited text messages.
Facebook users can minimize the chances of their profiles being scraped by strangers by adjusting their account privacy settings:
- Open Facebook and go to **Settings**
- Click **Privacy**
- Set all relevant fields to **Friends** or **Only me**
- Set **”Do you want search engines outside of Facebook to link to your profile** to **No**
This will reduce the chances of your profile being scraped by third parties, but the only way to ensure it never happens again is to completely deactivate or delete your Facebook account.